Group items tagged

Saudi Arabias national oil company, Aramco, was attacked by a computer virus, Shamoon, and it is suspected that an insider or employee assisted the hackers. The virus spread through the network and infected about 30,000 PC business computers and wiped their hardrives. This is one of the worst attacks against a single business. The hackers who claimed responsibility, The Cutting Sword of Justice, were politically motived. The companies more important documents including plant operating networks were not affected by the virus because they were on a separate and higher security network. Recently, other Middle Eastern natural gas firms with relations to Saudi Arabia have been hit by cyber attacks. Because the Aramco hackers admitted their motives against the Saudi Arabian government income sources, I think that all the cyber attacks may be politically motivated. As a Middle Eastern oil company with relations to Saudi Arabia, this is a major indication to take precautionary measures and increase network security. This attack demonstrates that no matter how much security you have in place, if an insider is willing to assist hackers or provide hackers with necessary information, you are no longer protected. It would seem imperative that employees with this access are chosen carefully or network access is very limited.

This article lists of some common security breaches that hoteliers need to be aware of and prepare the hotel system for.

This article talks about how cybersecurity can critically affect hospitality businesses if they are not careful about what ways could attack their business.

As the article states, "Protecting the identity and information of a customer is paramount to the success of any business and hotels are no exceptions." Quite unfortunately, cybersecurity issues are some of the biggest obstacles that hotels are experiencing nowadays. With hacking attacks such as phishing and ransomware, hotels need to invest in increasing their cybersecurity as any breach can lead to a downfall in business loyalty and brand.

The hotel is a perfect place for hackers to attack because they have easy access to retrieve thousands of guest information including credit card information, billing addresses, and much more personal information. Nicholas Percoco, senior vice president of Trustwave's SpiderLabs, mentioned that the credit card and debit card information is the most in demand by hackers because it is easiest to turn into cash quickly. There are three main steps in a typical data breach and how attackers mostly operate at each level: initial entry, data harvesting, and exfiltration. Close to half of these attacks occur via remote access applications, of which 90 percent exploit default or weak passwords. Around 42 percent of attacks occurred via third-party connections; 6 percent via SQL injection; 4 percent via exposed services; and 2 percent via remote file inclusion attacks. Interestingly, less than 1 percent began with an email Trojan. As an IT manager of the hotel, it is crucial to recognize how serious the consequences are for the hotel should the data not be protected well. 

Hey all, here is an article I found that talks about hackers taking over the hospitality industry. It mentions how hackers main objective is to gain access to debit accounts and gain access to customer cash. Also, hackers are also able to infiltrate POS systems along with other valuable technology with in the hospitality industry. Nearly half of these attacks occur via remote access applications, of which 90 percent exploit default or weak passwords, according to the report. Around 42 percent of attacks occurred via third-party connections; 6 percent, SQL injection; 4 percent, exposed services; and 2 percent, remote file inclusion attacks. Interestingly, less than 1 percent began with an email Trojan.

hackers are EVERYWHERE!

The article describes the main cyber threats that the hospitality companies face. Over past few years, nearly every major hotel group has been attacked. The same is true for the F&B industry. One of the reasons for that is that the hospitality companies are the ones that process credit card information more than in any other industries. Moreover, hotels and restaurants have many access points for the malware: from wifi networks to POS's. The attackers may also use the third party suppliers (for example, OTA's) to access the hotels' systems. Verizon 2017 Security Payment Report states that less than a half of all hospitality businesses have full credit card payment security compliance. The main type of the attack is POS intrusion. Denial-of-Service Attacks constitute about 20% of the total number. Although they are not so dangerous in terms of sensitive information, they can disturb the company's operations causing significant losses as well. Thus, the hotels and restaurants need to invest in early detection protection provided by the effective firewalls and antiviruses. However, it is also very important to understand that no technology may ever fully substitute the security culture of the company's employees. Many attacks are conducted due to the personal weaknesses of the associates answering the calls, for example. So, in my opinion, in addition to the cyber security systems, there should be appropriate personnel training as well as well elaborated procedure protocols.

This article describes the vulnerabilities in the security systems of the hotel Industry. The POS system was recognized as one of the most vulnerable areas that are more targeted by hackers. This is due to the multiple stations where the POS systems are located on the premises of the hotel. Likewise having POS systems independent of the hotels security system left the system open to hackers. Two options to defending the cyber-defense, are digital walls and employee training. Digital walls works by keeping hackers from accessing the systems. Although even with a strong firewall it is recommended to implement point-to-point encryption (P2PE), this encrypts payment information of guest. the other is tokenization. This uses alphanumeric pseudonym to protect data stored for long periods of time. Another way to prevent cyberattacks is employee training, encourage the use of strong passwords an dhow to detect fraud and phishing attacks.

This article discusses a recent cyber-attack on ICH that is believed to have been a ransomware attack. It's stated that hospitality is the 8th most targeted sector for ransomware as of recently. The recent attack on ICH 4,053 users and 15 employees were compromised, which is actually far less than their last attack in 2016 that effected 1,175 properties. Hotels must take as much precaution as possible against cyber attacks because not only does it decrease their bookings, but they can also be charged millions in fines for information breaches.

In the wake of the Marriott International cyberattack, the article presents the issues with the current issues in the methodology of cybersecurity; first explaining the data of how popular they are in the hospitality industry, and what it means for the industry, before going into the process of how a cyberattack happens and the measures taken to prevent it. Traditional cybersecurity is one of an "incident response" which can only be implemented once a cyberattack occurs and can only prevent it temporarily as a hacker can do similar tasks with different IP addresses and new malware. In order to circumvent this failure of cybersecurity, the article offers a new method in which TTPs (tactics, techniques, and procedures), are used to identify certain components of a hacker and identify how they would carry out an attack, before acting on it before the attack would "reach the network".

This article discusses one of the largest fears of most hospitality firms, and that is keeping their client's personal information private. Most large companies in this industry have become giant data centers for the personal information of millions of people. Breaches of this type of information place the lives of many people at stake. For example, Marriott International had a security breach of over half a billion of its clients which began in 2014 and was not detected until September of this year. Keeping an individual's information away from malignant forces is just plain business sense and any more attacks of this manner will severely hurt the reputation of the business experiencing it.

This article goes in to detail that attackers have targeted information that is acquired on websites such as credit card and other personal information. This writing does tell how PCI and Retail and Hospitality ISAC joined forces to help prevent such attacks from happening on these websites. Now PCI and ISAC are the standard when it comes to protecting information. These attacks are easily undetectable by these websites because they are only skimming for the information. this article does give tips for prevention and detection. PCI is the industry standard and by them teaming with ISAC it will make these websites and your information more safe.

There have been many cyber-attacks in many different nations and that is for many different reasons, such as outdated, human error, and all software being in one vulnerable spot. It is important to always update your programs, use cloud computing, and to educate your personal on all cyber-attacks. It is also important for your teams to understand the "why" behind updating and cloud computing and this is to always keep an upper edge on cyber-attacks. Cyber criminals are always changing their ideas and new ways to take over networks and workday and night to find someone to slip up and it can cause the complete down fall of a company or nation.

The article discusses ransomware attacks on hospitality properties. A 2016 attack left guests locked out of their rooms but the threat could affect different areas of a hospitality business and cause significant disruption to their business. Properties need to be prepared for a security breach with an action plan to prevent cyber-attack. The article points out that it's important to act quickly to segment the network and try to prevent any new devices from being infected. Best practice recommends regular backups and a recovery plan, using anti malware software and being cautious with employee installed software. The most important thing a company can do is to be proactive and prepared for an attack.

The purpose of this article was to review the available literature on the subject of ensuring software integrity for IoT (Internet of Things) devices, focusing on detecting and preventing modification of the original software, so that the device cannot be used for unintended purposes. The literature reviewed; secure boot, trusted boot and runtime security. Concluding that no one single control is going to adequately protect a device the solution based upon 25 years of experience is to create a multi-layered approach to security that starts at the beginning when power is applied, establishes a trusted computing baseline, and anchors that trust in something immutable that cannot be tampered with. Additionally, because a device built today can become a major problem tomorrow, due to them having hardcore keys "set and forget", the internet will then have literally billions of obsolete hosts in the coming years. Therefore it is important for MIS Managers/ Consultants investigate how to change the game in order to mitigate the damage or economic value of new systems being breached and by asking questions such as 'Can we even in the presence of a malicious attacker offer some limited form of security for the most valuable transactions (such as e-banking) or assets?' and 'Can we make the 'business' of the attackers less attractive by applying security technologies that are particularly tailored towards destroying the business model of the attackers?'

In today's world no business entity is impervious to cyber-attacks. Marriot, Hilton and InterContential Hotel Groups were all recently affected by such acts. The traditional cyber-attack method which the hospitality industry employs is oftentimes simply a reaction to the attack- "incident responses". Instead, the industry needs to shift its focus and allocate resources to aid prevention of future of attacks. This new focus was be surrounding tactics, techniques and procedures (TTP) - the ability to identify adversary and implement the necessary processes to hinder attacks.

This article tells us about the importance of having a good cybersecurity. There are some big hospitality companies like Marriott and Hilton which have revealed that many cyberattackes compromised personal information for many guests and that cybersecurity has to be improved.

An example of a cyber attack or ransomware, in a manufacturer. Shows some effects of a ransomware and what a consumer may experience.

High profile hotels near large events have had to respond to events such as mass shootings since the 2017 Las Vegas attack where a guest used as hotel room to carry out the shooting. Concert venues and large hotels are now using surveillance drones and predictive threat analysis to enable their staff to recognize patterns that could indicate signs of trouble. Security costs at large venues are expensive, and they are being passed on via ticket prices. Hotels need to evaluate their need for an active shooter plan and evaluate their "do not disturb" policies and train their staff to alert management when they are unable to enter a guest room, or when they recognize something out of the ordinary.

It is hard to forget how thousands of Target customers financial information was compromised last year due to a breach in security of the company's POS. Target is not the only company that has been infected with this program that steals credit and debit card information. Actually, there have been more than a thousand businesses affected by this malware that has come to be called "Backoff." The malware targets POS systems and has stolen millions of credit card numbers as well as personal information on millions of customers. A large majority of cybercrime is focused on attacking business's POS systems. The malware attacks systems by going through a list of common passwords until it is able to hack the system. "Backoff" then disguises itself as a compatible Java component and collects credit card information. However, Apple has recently announced Apple Pay and many believe this can diminish a lot of cybercrime.

It is hard to forget how thousands of Target customers financial information was compromised last year due to a breach in security of the company's POS. Target is not the only company that has been infected with this program that steals credit and debit card information. Actually, there have been more than a thousand businesses affected by this malware that has come to be called "Backoff." The malware targets POS systems and has stolen millions of credit card numbers as well as personal information on millions of customers. A large majority of cybercrime is focused on attacking business's POS systems. The malware attacks systems by going through a list of common passwords until it is able to hack the system. "Backoff" then disguises itself as a compatible Java component and collects credit card information. However, Apple has recently announced Apple Pay and many believe this can diminish a lot of cybercrime.

This article describes the destructive effects of cyber attacks on enterprises, especially small and medium-sized enterprises. Because it does not have sufficient prevention and sufficient resources for disaster recovery. The most direct cause of current cyber attacks is that people open some risky websites or emails in the wrong place. For the hospitality industry, there is a large amount of customer privacy and sensitive information. Once attacked, its destructiveness is unimaginable. And to protect consumer data, most service industries just comply with local state laws, but most state laws have not made greater progress in information protection. Therefore, enterprises should protect themselves and their customers from cyber threats from the three aspects of their own network endpoints, disaster recovery and education.

Restaurants have always been an easy target for cyber security hackers, in particular, hackers who are looking for credit card and ID information. Restaurants provide hackers with a "wealth of client data" due to the high "volume of credit card transactions and CRM data available." Once given access, a hacker could simple install malware and duplicate all customer information. Already facing critical financial issues during Covid 19, restaurants large and small need to take a stronger presence in the protection of their data. If discovered to be the start of a breach, customers will tend to avoid that business. "Chipotle, for example...got devalued by about $400 million after they suffered a breach," and many small restaurants "go belly up six months after an attack." Below is a summary of the types of attachs restaurants face: 1. Unprotected Wifi 2. Social engineering and phishing attacks. This is actually the one that stood out to me the most because of how sophisticated these attacks can be. It is a reminder that we are all at risk, both the technologically challenged and gifted. 3. Malware 4. Covid 19 Scams 5. Grub hub scams 6. Supply chain scams *A particular issue for restaurants and commercial businesses right now as companies scramble to find new vendors who can supply them with the products they require. 7. Public Health scams 8. Government Stimulus scams 9. Technical support scams How can we fight against these? Here are the recommendations: 1. PCI compliance 2. Hire and IT security professional to conduct a risk analysis and if possible, keep on as a consultant or full time 3. Keep a secure network and change free passwords daily 4. Use the latest operating systems, force multi-factor authentication, strong passwords, and use encryption services for data storage and transfers 5. Install and use robust web-filters and security software programs 6. Maybe most important!!! Train your employees. 5.

The article by, a financial policy author, explains in detail the extent of cyber-attacks in the hospitality industry. The article explains that the hospitality industry is more prone to cyber-attacks, given the nature of information most of the organizations generate daily in their operations. The article explains that most organizations in the hospitality industry may not be aware that they have already been hacked. The article emphasizes the importance of internal audits and the critical evaluation of cyber footprints in hospitality organizations to minimize cyber-attacks. The author of the article delves into the cybersecurity risk factors in the hospitality industry and reports about the UAE IAA members' seminar which was aimed at sharing information and networking with a focus on building cyber-resilience against cyber-attacks. The article shows the prevalence of cyber-attacks in the hospitality industry noting that each stolen data record costs an average of $148 with the average cost of a cyber-attack being valued at over 3 million dollars (Karantzavelou, 2020). The article quotes a statement by the Jumeirah group chief internal audit officer who asserts that protection against cyber threats should be the DNA of every organization, and they should be continuously on the lookout for potential threats and ensure adequate protection. Members in the seminar advised on the importance of having internal auditors to provide assurance, suitable frameworks, and to set up controls to mitigate key cybersecurity risks. The article explains that hotels are prone to Cyber-attacks since they collect varied, valuable and sensitive customer information. The article also cites a cyber-breach in 2018 where up to 500 million customer details and passport information was compromised in an international hotel chain for up to four years continuously without detection (Karantzavelou, 2020). At the bottom line, contributors in the seminar explain the importance of cybe

This article discusses ways that the travel industry can combat cyberthreats. The main cyber concern for hotels' is phishing, which is a scam that collects credit card information by pretending to be apart of a hotel's front desk staff. The article mentions that IT departments should do routinely updates to operating systems and back up data and files. Employees should also be trained to help prevent data breaches. The author briefly touched on what to do when your hotel system is hacked and even dives into how the airline industry is still very unequipped to handle cyberattacks and threats. This is a great read to learn how to keep up with best security practices in the hospitality and tourism industry.

This article outlines some of the main cyber attacks on the Hospitality industry. It exposes the threats due to the wealth of data stored in PMS, POS and CRM and suggests steps to take to protect against malware and randsomeware. The article further highlights the necessity for antivirus software on all devices.

The article describes the five most common cybersecurity risks for hotel brands such as ransomware, remote hacking and DDoS attacks. The operational elements of each risk have also been discussed. It also covers best practices that hotels and other hospitality organizations can adopt to curb breaches.